Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > e16d0c94ff2c9e93ba4eea60f7b68478 > files > 58

krb5-1.6.1-70.el5_9.2.src.rpm

Changeset to fix various use-after-free bugs, among them CVE-2010-0629.

Index: src/kdc/network.c
===================================================================
--- src/kdc/network.c	(revision 22426)
+++ src/kdc/network.c	(revision 22427)
@@ -775,10 +775,8 @@
 	return;
     }
     if (cc != response->length) {
-	krb5_free_data(kdc_context, response);
 	com_err(prog, 0, "short reply write %d vs %d\n",
 		response->length, cc);
-	return;
     }
     krb5_free_data(kdc_context, response);
     return;
Index: src/kadmin/server/server_stubs.c
===================================================================
--- src/kadmin/server/server_stubs.c	(revision 22426)
+++ src/kadmin/server/server_stubs.c	(revision 22427)
@@ -1628,7 +1628,7 @@
      }
 
      if (ret.code != 0)
-	 errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
+	 errmsg = krb5_get_error_message(NULL, ret.code);
      else
 	 errmsg = "success";
 
Index: src/lib/krb5/krb/mk_cred.c
===================================================================
--- src/lib/krb5/krb/mk_cred.c	(revision 22426)
+++ src/lib/krb5/krb/mk_cred.c	(revision 22427)
@@ -176,8 +176,8 @@
 
     if ((pcred->tickets 
       = (krb5_ticket **)malloc(sizeof(krb5_ticket *) * (ncred + 1))) == NULL) {
-	retval = ENOMEM;
 	free(pcred);
+	return ENOMEM;
     }
     memset(pcred->tickets, 0, sizeof(krb5_ticket *) * (ncred +1));
 
Index: src/slave/kprop.c
===================================================================
--- src/slave/kprop.c	(revision 22426)
+++ src/slave/kprop.c	(revision 22427)
@@ -1,7 +1,7 @@
 /*
  * slave/kprop.c
  *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -505,12 +505,12 @@
 		free(data_ok_fn);
 		exit(1);
 	}
-	free(data_ok_fn);
 	if (stbuf.st_mtime > stbuf_ok.st_mtime) {
 		com_err(progname, 0, "'%s' more recent than '%s'.",
 			data_fn, data_ok_fn);
 		exit(1);
 	}
+	free(data_ok_fn);
 	*size = stbuf.st_size;
 	return(fd);
 }

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional